Merge pull request #1948 from marcosnils/fix/secrets

ci: Unify keys and add private key for testing purposes
This commit is contained in:
Andrea Luzzardi 2022-03-30 15:25:37 -07:00 committed by GitHub
commit 511dbd81f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 24 additions and 44 deletions

View File

@ -57,11 +57,9 @@ jobs:
sudo chmod +x /usr/local/bin/sops sudo chmod +x /usr/local/bin/sops
- name: "Import Dagger private key" - name: "Import Dagger private key"
env:
DAGGER_AGE_KEY: ${{ secrets.DAGGER_AGE_KEY }}
run: | run: |
mkdir -p ~/.config/dagger mkdir -p ~/.config/dagger
echo "$DAGGER_AGE_KEY" > ~/.config/dagger/keys.txt cp ./tests/age_key.txt ~/.config/dagger/keys.txt
- name: "Expose GitHub Runtime" - name: "Expose GitHub Runtime"
uses: crazy-max/ghaction-github-runtime@v1 uses: crazy-max/ghaction-github-runtime@v1

View File

@ -49,11 +49,9 @@ jobs:
sudo chmod +x /usr/local/bin/sops sudo chmod +x /usr/local/bin/sops
- name: "Import Dagger private key" - name: "Import Dagger private key"
env:
DAGGER_AGE_KEY: ${{ secrets.DAGGER_AGE_KEY }}
run: | run: |
mkdir -p ~/.config/sops/age mkdir -p ~/.config/sops/age
echo "$DAGGER_AGE_KEY" > ~/.config/sops/age/keys.txt cp ./tests/age_key.txt ~/.config/sops/age/keys.txt
- name: "Expose GitHub Runtime" - name: "Expose GitHub Runtime"
uses: crazy-max/ghaction-github-runtime@v1 uses: crazy-max/ghaction-github-runtime@v1

View File

@ -13,7 +13,7 @@ import (
dagger.#Plan & { dagger.#Plan & {
client: commands: sops: { client: commands: sops: {
name: "sops" name: "sops"
args: ["-d", "../../test_secrets.yaml"] args: ["-d", "../../secrets_sops.yaml"]
stdout: dagger.#Secret stdout: dagger.#Secret
} }
@ -26,7 +26,7 @@ dagger.#Plan & {
format: "yaml" format: "yaml"
} }
token: testSecrets.output.netlifyToken.contents token: testSecrets.output.NETLIFY_TOKEN.contents
marker: "hello world" marker: "hello world"
@ -41,7 +41,7 @@ dagger.#Plan & {
simple: { simple: {
// Deploy to netlify // Deploy to netlify
deploy: netlify.#Deploy & { deploy: netlify.#Deploy & {
team: "blocklayer" team: "dagger-test"
token: common.token token: common.token
site: "dagger-test" site: "dagger-test"
contents: common.data.output contents: common.data.output
@ -57,7 +57,7 @@ dagger.#Plan & {
swapImage: { swapImage: {
// Deploy to netlify // Deploy to netlify
deploy: netlify.#Deploy & { deploy: netlify.#Deploy & {
team: "blocklayer" team: "dagger-test"
token: common.token token: common.token
site: "dagger-test" site: "dagger-test"
contents: common.data.output contents: common.data.output

View File

@ -1,21 +0,0 @@
netlifyToken: ENC[AES256_GCM,data:DeTBgf73iiIDVJZ3i1Rd6Cn9KvJGwh7n8/u/zWKdpaMvU7R1X43JqMbZMg==,iv:0HmdJr7BHKQk+RrCWAzZCkU7BkJ5N5//otgwAgJnQ6w=,tag:DoVYsCnO6HMHXpakX4uBlA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUEhWbjV3M29oUUJyWk81
Wk1WQ1E0cmtuVlhNSGxkWUM3WmJXdUYvbzAwCjlFWW9IVmtmTjY1aU1LR2lxWFlT
am9RemNqSDRWK2FDYk1xeGNiTFlWMFUKLS0tIFVrSzBCMERQbnhYb09ReVpFK00v
TG5YUDlFVzlRRFBCdEhsNVlVK1dMRTgKx1TPZWWQiaU8iMni03/ekG+m4rFCcaa4
JI+ED2d+8411BgZtlss/ukQtwskidvYTvetyWw2jes6o1lhfDv5q2A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-01-20T00:42:44Z"
mac: ENC[AES256_GCM,data:N4dbowNmz34Hn/o1Ofv4g9Z5I7EzcYyrGpXSu9fkczd69zkTpv87uFamEdV/kQM2bbIEm9gS8d0oTi41qsC0iax368YUJmjG6xMptwrrA/mcjRzwXjlPrCZN9454srJw4NXWm0F5/aJQa4XlO65OCLZw+4WCz0wyAWwKzuQNAb0=,iv:EIG55jdEIbVp390uCVJ/rCjJO+s+CsAblH0/CIMNgIc=,tag:dcZDoMsBToikTQ83R0azag==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.1

4
tests/age_key.txt Normal file
View File

@ -0,0 +1,4 @@
# Dagger CI
# created: 2021-05-26T17:10:52-07:00
# public key: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
AGE-SECRET-KEY-1R8RRCL7NXA5SHW6HEZCJ5FJG2JJECSNVDHCF533W3CNDJGQL0AVQEA0JK7

View File

@ -1,8 +1,9 @@
TestPAT: ENC[AES256_GCM,data:tLrYG8WCZah93gWkvltLzvxAhB1Tj7fmPZ/iZac8bjMo0+y74bq1qg==,iv:UD9s7flTy/FvW+NHg82l1xJruXldnSCRlRQpg5z7WO8=,tag:v35hzseqeY7V3P7J/hg28w==,type:str] TestPAT: ENC[AES256_GCM,data:R6yLIJWAdXBiXtNewC9TNZoG92Stzebvc94XHaTjdg1H3iLkV9/J4w==,iv:TDIkf+YNFnqj1f9UFPcMfHblcpLT56cOlShpm5JaMkY=,tag:urFpg9cSg+7+nsf9DON1Fw==,type:str]
DOCKERHUB_TOKEN: ENC[AES256_GCM,data:ZWXFsmZI/uf5VT/1Se4lvON4AK349sXclWI+kZrzabj7447U,iv:eTj0xRSwMjUUrokpIr7UohC07cO69WAsxO/NZXSsmLw=,tag:PjHp/PnIDL/dx4cjESpJgQ==,type:str] NETLIFY_TOKEN: ENC[AES256_GCM,data:AyLLlXC3FuAwHuQLM5RRhzwKIZyFkucKBABLXeWBYLnF9oaEfhn/xBRCbw==,iv:QyMGzxp4NY2jgFgj6ZEW7sGXQdPBWHPfRrs196EHnLg=,tag:/IJYM6C/g9iNcY+IQrUvbA==,type:str]
DOCKERHUB_TOKEN: ENC[AES256_GCM,data:oYROIHQZfR7c28aGvdDU3mURR/SBGhlbRsd84mNVAuxdy6S8,iv:RsVszAOxF19Z3i4HbWw4BKHCJdly8IT2gVOrQwE5Fgk=,tag:oks5BXxcU3UzoawzNkX7uw==,type:str]
AWS: AWS:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:jH9qw1DFauiOILteQJP4hbcAL/A=,iv:4WBQsGoQtApT7vUgIjopq4dC1KME9wQU1I7oj6KQy/E=,tag:WbSDp5rFEVgmqprY+RcBuw==,type:str] AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:KahWpPHbl+rv1RGOJHfl+g76FgQ=,iv:iDAYBuCJ4xMKLf4dHM50hq7B22nVXRd/nxAynwgjlns=,tag:+aBqWay5U//pT5b3RSGYWw==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:oR+i0k/escdAGX0hUWTpGGQvbbiU4BWlb3983lpcA1tI1egTj6Nmpg==,iv:iXPaZvjg03htTPiOMER5+iLP2qzdOJTfnq7xSHbFTAs=,tag:fa66HZubWdceC864bjXoDQ==,type:str] AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:mlEQJPJxsnaaXvB0L3SeNbAbY+rsKP4J01NzCvtQsyOMN35COXETDQ==,iv:NH5zhV5akMXcH+Gx/DvVHdOrl31kaIDwtyw1IF0gzHg=,tag:NL3uBHqHDFT80FqbflMVtw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,14 +13,14 @@ sops:
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaUprdU9CUFpGdFRTazA5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTa2ZOR3U1YzRNNGhwMHZx
Wll2RzVjUlhvRUVDbU1aVVhKV204Wjg3azFVCmdhYXZFTEl2TGFPTk83cmxjK2hM dG5yUFlyK2VMZGVaWkcxdzRwMk5oQjB1MVY4CnJKMTVONksvZHIrQkJIcWZpVXhK
RVNGZHBoSDZmQ1RKL0Y3S0ZHMUxEd2MKLS0tIDJaZWdsYVVuUXJPVkVCVlNPQkVG aUR1N0dtazM1ODFzS01CVmlVeERKeUEKLS0tIHh4OEVtc1BMbU9MRXRoOGJQakhj
eUt4NEUyVXVaa1FBVWhoeEJSTVpiWnMKJXNDKz9mf7zmb1oJ9BXgkDDfz2QUg/fJ cjgrby94cDZ0SW51UFNjVmpjVFNCeE0K9/OH1T2xiNSu27uTE6fqyzZfAIzpSNdL
Sx2jlW7s1TuiH8GeL4jxw5Euh0DFw6YZO9j05dcygJslZWtLopUHAQ== q/1B8YeDrRGg/jYYW53bLlwmcBzAK89JdE/RtFnLnqJ203mhrnpIWw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-02-18T17:21:55Z" lastmodified: "2022-03-30T20:59:45Z"
mac: ENC[AES256_GCM,data:50O/LO+8z+Dqm3wx8xaJGyL+nQ3KShQgDAYnV+GEjaacwBGhPSbwK5M/JxR98mq0PlikbHl0cv5CfUpvkShIuTdrz68QSsxn1KcVgiJeW5s8v2+0dJGEjOzy8ASnHm3uG0msB6cD00hrECc7htjaHCWk55cMlKliGUNNAh5Q28g=,iv:IujDY2mWrhfQNI1D40hev4yFNiqQSv8k4KN7kvpe7LQ=,tag:DfvoOkSxX1YIWPqAY31ifA==,type:str] mac: ENC[AES256_GCM,data:lfCIakVD8rd5PV38i9uz1z0btv/EQdlDbluxnZ+7fH9TDaKzLEgMhBrI/uOT8JImzVkgLB084nRPvfmIDQneAsE+lNakcWkUYHibxSjMr9fibaRnBSUFh3MfXf1zogKdIYjeoOdHyOAC7xus303ASJbebF45BiRVun+rjLIf1Pk=,iv:3K9RJzPymURK58zuHRil412rLmkQ4Mbz3B7zXW74aMw=,tag:haRsB73PQ9FPp1h265J3ew==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.1 version: 3.7.2

View File

@ -24,7 +24,7 @@ dagger.#Plan & {
} }
testRepo: core.#GitPull & { testRepo: core.#GitPull & {
remote: "https://github.com/dagger/dagger.git" remote: "https://github.com/dagger/test.git"
ref: "main" ref: "main"
auth: { auth: {
username: "dagger-test" username: "dagger-test"